Articles from Around the Web

DPC 2022: EU-US Data Privacy Framework touted as challenge anticipated

On the final day of the IAPP European Data Protection Congress 2022 in Brussels, Belgium, government officials entrenched in the ongoing discussions around EU-U.S. data flows focused on further touting and cementing the pending EU-U.S. Data Privacy Framework’s workability. NOYB Honorary Chairman Max Schrems threw cold water on those notions, all but announcing he will attempt to raise a potential “Schrems III” challenge to the Court of Justice of the European Union.

EDPB adopts recommendations on application for controller BCRs

During its November plenary, the European Data Protection Board adopted recommendations on the application for approving controller binding corporate rules. The recommendations update the application form, clarify required content of BCRs and distinguish what information must be included on the form and presented to the data protection authority.

Children's privacy regulation could see final 2022 push in US Congress

Advocates and lawmakers say proposals to protect children's data online could be rolled into year-end defense packages, Axios reports. U.S. Senate leadership is pushing two proposed bills — the Kids Online Safety Act and the Children and Teens' Online Privacy Protection Act. Senate Committee on Commerce, Science and Transportation Communications Director Tricia Enright said Sen.

CNIL fines software company 800K euros for GDPR violations

France’s data protection authority, the Commission nationale de l'informatique et des libertés, fined software developer Discord 800,000 euros for failing to comply with EU General Data Protection Regulation requirements on data retention periods and personal data security.

FTC extends deadline for compliance with 'Safeguards Rule'

The U.S. Federal Trade Commission extended its deadline for financial institutions to enhance their security safeguards for customers’ personal information. The deadline for compliance with the Safeguards Rule, which requires nonbanking institutions like mortgage brokers and auto dealers to create comprehensive programs to shield customer's personal data, is now June 9, 2023.

Online substance abuse treatment leaves patients vulnerable to privacy violations

Individuals in the U.S. receiving online treatment for substance misuse may not have their medical privacy protected, Wired reports, citing a joint analysis conducted by the Opioid Policy Institute and Legal Action Center. The report examined 12 telehealth sites focused on substance use disorders and found they all embed technology that shares user information with third parties.

India's revised data protection bill scraps localization requirement

The Indian government’s impending data protection legislation is expected to allow the transfer of data and storage in approved locations, the Economic Times of India reports. The new Digital Data Protection Bill reportedly scraps the data localization requirement in its previous incarnation, the Personal Data Protection Bill, that was withdrawn in August.

US medical claims processor breached

The “misconfiguration” of a server for a Kentucky medical claims processing firm for U.S. jails and prisons exposed confidential information of nearly 600,000 inmates, GovInfoSecurity reports. The firm, CorrectCare Integrated Health, reported at least three "unauthorized access/disclosure" breaches to the U.S. Department of Health and Human Services because of the misconfiguration. The breach, which affected inmates who received medical care while incarcerated over the last 10 years, included personally identifiable information.

DSA enters into force; EU lawmakers discuss ePrivacy Regulation

The European Union Digital Services Act, establishing new obligations for online platforms to reduce harms online and introducing stronger user protections, entered into force Nov. 16. Covered entities will have four months to comply with obligations under the DSA.

Twitter appoints 'acting DPO'

Twitter named Renato Monteiro, FIP, as its acting data protection officer following the resignation of several key privacy and security personnel last week, TechCrunch reports. The platform notified its lead data protection supervisor, Ireland's Data Protection Commission, of the appointment. Twitter is required to have a DPO under the EU General Data Protection Regulation.

Discover the latest industry insights and developments with our News from Around the Web page. We curate feeds from a variety of reputable organizations, bringing you a comprehensive overview of relevant news and trends. Stay informed and connected with the most current updates from across the web.

DPC 2022: EU-US Data Privacy Framework touted as challenge anticipated

EDPB adopts recommendations on application for controller BCRs

Children's privacy regulation could see final 2022 push in US Congress

CNIL fines software company 800K euros for GDPR violations

FTC extends deadline for compliance with 'Safeguards Rule'

Online substance abuse treatment leaves patients vulnerable to privacy violations

India's revised data protection bill scraps localization requirement

US medical claims processor breached

DSA enters into force; EU lawmakers discuss ePrivacy Regulation

Twitter appoints 'acting DPO'

Stay Updated with Compliance Insights

Search form

Search form

Search form

Articles from Around the Web

Discover the latest industry insights and developments with our News from Around the Web page. We curate feeds from a variety of reputable organizations, bringing you a comprehensive overview of relevant news and trends. Stay informed and connected with the most current updates from across the web.

Stay Updated with Compliance Insights